kubearmor / KubeArmor

Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
https://kubearmor.io/
Apache License 2.0

Improve Scorecard Score for Kubearmor #1532

Open rootxrishabh opened 7 months ago

rootxrishabh commented 7 months ago

Feature Request

Short Description

Improve the aggregate OSSF/Scorecard score received for Kubearmor. Currently, the score we received was 5.1/10.

Is your feature request related to a problem? Please describe the use case.

No

Describe the solution you'd like

Work on each area to analyze where the score is dropped and how we can improve upon it!


Scorecard Result Details

Aggregate score: 5.1 / 10

| SCORE | NAME | REASON | DOCUMENTATION/REMEDIATION |
|---|---|---|---|
| 10 / 10 | Dangerous-Workflow | No dangerous workflow detected | https://github.com/ossf/scorecard/blob/4edb07802fdad892fa8d10f8fd47666b6ccc27c9/docs/checks.md#dangerous-workflow |
| 0 / 10 | Binary-Artifacts | multiple binary artifacts found | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#binary-artifacts |
| 2 / 10 | Branch-Protection | branch protection is not maximal on main and all release branches | https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule |
| 10 / 10 | CI-Tests | 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#ci-tests |
| 5 / 10 | CII-Best-Practices | badge detected: passing | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#cii-best-practices |
| 10 / 10 | Code-Review | GitHub code reviews found for 30 commits out of the last 30 -- score normalized to 10 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#code-review |
| 10 / 10 | Contributors | 44 different companies found -- score normalized to 10 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#contributors |
| 10 / 10 | Dependency-Update-Tool | update tool detected | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#dependency-update-tool |
| 0 / 10 | Fuzzing | project is not fuzzed | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#fuzzing |
| 10 / 10 | Maintained | 30 commit(s) out of 30 and 30 issue activity out of 30 found in the last 90 days -- score normalized to 10 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#maintained |
| 10 / 10 | Packaging | publishing workflow detected | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#packaging |
| 0 / 10 | Pinned-Dependencies | No dependencies are pinned | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#pinned-dependencies |
| 0 / 10 | SAST | SAST tool is not run on all commits -- score normalized to 0 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#sast and https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#configuring-default-setup-for-a-repository |
| 10 / 10 | Security-Policy | security policy file detected | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#security-policy |
| 0 / 10 | Signed-Releases | 0 out of 5 artifacts are signed -- score normalized to 0 | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#signed-releases and https://wiki.debian.org/Creating%20signed%20GitHub%20releases |
| 0 / 10 | Token-Permissions | non read-only tokens detected in GitHub workflows, tokens are not managed | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#token-permissions |
| 10 / 10 | Vulnerabilities | Several vulnerabilities detected | https://github.com/ossf/scorecard/blob/23b0ddb8aa96356321cf31a2709723e29b15a951/docs/checks.md#vulnerabilities |

CC @daemon1024 @nyrahul

DelusionalOptimist commented 6 months ago

Vulnerabilities are a P0 - we'll create PRs first which require dep updates. Other tasks need to be done by maintainers.

DelusionalOptimist commented 2 months ago

Reopening as we still have to improve the score.